Welcome to our Secure Development Tips blog

Every other week, we provide expert tech tips on how to build and deploy secure applications. These best practices, derived from Security Innovation’s assessments of the world’s most dominant software applications, are taken directly from our TeamMentor product, which includes more than 3,500 guidance assets and articles on secure software design, coding and testing.

Secure Development Tips

a blog with tips relating to secure application development, from Security Innovation's eknowledge database, TeamMentor


Log Unusual Activity

  
  

What to Do

Log unusual activity.

Why

Unusual activity may be an indication that an attack is in progress.

How

Perform the following actions to implement logging of unusual activity:

  1. Define unusual activity. Make a list of events that constitute unusual activity. Some examples are:
     • Repeated failed authentication attempts
     • Invalid logical access attempts
     • Failed password reset attempts
     • Suspicious financial transactions
     • Unauthorized data access
     • Suspicious database queries that may indicate SQL injection attempts
  2. Identify relevant code. Use the list of unusual activity indicators to find the code that implements the functionality related to each one, and make a list of those functions. One common area for detecting suspicious activity is authentication code.
  3. Identify the logging subsystem. The logging subsystem should provide an API that allows generating log entries from application code. If this API or the logging subsystem doesn't exist, write it. Make a list of functions that may be used to generate log entries and collect documentation about how to use them.
  4. Log unusual activity. Use the list of functions that are related to suspicious events from step 2 to add code that generates log entries when suspicious activity occurs. Use the list of logging APIs from step 3 to write code that generates log entries.
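
The procedure above applied to one indicator, repeated failed authentication attempts, as an added Python example (not code from TeamMentor or this blog). The logger name, threshold, account store, event names and field names are assumptions chosen for illustration.

```python
import hashlib, hmac, json, logging
from collections import defaultdict

# "Identify the logging subsystem": a dedicated logger keeps security
# events separable from ordinary application logs. (Name is an assumption.)
security_log = logging.getLogger("app.security")

FAILED_LOGIN_THRESHOLD = 3      # assumed policy value
_failed = defaultdict(int)      # failed attempts per account (in memory, demo only)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store.
_SALT = b"constructed-salt"
_USERS = {"alice": _hash("correct horse", _SALT)}

def log_unusual(event: str, **fields) -> None:
    """Emit one structured entry per unusual event. Never pass secrets in fields."""
    # json.dumps escapes CR/LF, so attacker-controlled values such as a
    # user name cannot break an entry into forged extra log lines.
    security_log.warning(json.dumps({"event": event, **fields}, sort_keys=True))

def authenticate(username: str, password: str, source_ip: str) -> bool:
    """"Identify relevant code": authentication is a function tied to unusual activity."""
    stored = _USERS.get(username)
    candidate = _hash(password, _SALT)   # hashed for unknown users too
    if stored is not None and hmac.compare_digest(stored, candidate):
        _failed.pop(username, None)      # reset the counter on success
        return True
    _failed[username] += 1
    # "Log unusual activity": record who, from where and how often,
    # but never the submitted password.
    log_unusual("failed_authentication", user=username,
                source_ip=source_ip, attempt=_failed[username])
    if _failed[username] == FAILED_LOGIN_THRESHOLD:
        log_unusual("repeated_failed_authentication", user=username,
                    source_ip=source_ip, threshold=FAILED_LOGIN_THRESHOLD)
    return False
```

Attach a handler to `app.security` that writes to storage the application cannot rewrite, so the entries remain available when they are needed for investigation.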
